author | Dr. Stephen Henson <steve@openssl.org> | 2014-08-16 18:16:26 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-08-28 18:10:21 +0100 |
commit | 6db2239c608a3d434238e0ca64ff962711bed190 (patch) | |
tree | 578608cabcc5142a7a5b495ab2647c1e28865e70 /ssl/ssl.h | |
parent | 423ceb831903339b589ea7b94c877ed190a7cb64 (diff) |
New extension callback features.
Support separate parse and add callback arguments.
Add new callback so an application can free extension data.
Change return value for send functions so that < 0 is an error, 0
omits the extension and > 0 includes it. This is more consistent
with the behaviour of other functions in OpenSSL.
Modify parse_cb handling so <= 0 is an error.
Make SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_cli_ext argument
order consistent.
NOTE: these changes WILL break existing code.
Remove (now inaccurate) in line documentation.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 33f653adf3bff5b0795e22de1f54b7c5472252d0)
Diffstat (limited to 'ssl/ssl.h')
-rw-r--r-- | ssl/ssl.h | 62 |
1 files changed, 19 insertions, 43 deletions
@@ -385,36 +385,23 @@ typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, i
 typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
 #ifndef OPENSSL_NO_TLSEXT
-/* Callbacks and structures for handling custom TLS Extensions:
- * cli_ext_add_cb - sends data for ClientHello TLS Extension
- * cli_ext_parse_cb - receives data from ServerHello TLS Extension
- * srv_ext_parse_cb - receives data from ClientHello TLS Extension
- * srv_ext_add_cb - sends data for ServerHello TLS Extension
- *
- * All these functions return nonzero on success. Zero will terminate
- * the handshake (and return a specific TLS Fatal alert, if the function
- * declaration has an "al" parameter). -1 for the "sending" functions
- * will cause the TLS Extension to be omitted.
- *
- * "ext_type" is a TLS "ExtensionType" from 0-65535.
- * "in" is a pointer to TLS "extension_data" being provided to the cb.
- * "out" is used by the callback to return a pointer to "extension data"
- * which OpenSSL will later copy into the TLS handshake. The contents
- * of this buffer should not be changed until the handshake is complete.
- * "inlen" and "outlen" are TLS Extension lengths from 0-65535.
- * "al" is a TLS "AlertDescription" from 0-255 which WILL be sent as a
- * fatal TLS alert, if the callback returns zero.
- */
+
+/* Typedefs for handling custom extensions */
 typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
				 const unsigned char **out,
				 size_t *outlen, int *al,
-				 void *arg);
+				 void *add_arg);
+
+typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+				 const unsigned char *out,
+				 void *add_arg);
 typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
				   const unsigned char *in,
				   size_t inlen, int *al,
-				   void *arg);
+				   void *parse_arg);
+
 #endif
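Review bot: The replacement comment `/* Typedefs for handling custom extensions */` drops the return-value contract the removed block documented at the very moment the commit message changes it (add callbacks: < 0 error, 0 omit, > 0 include; parse callbacks: <= 0 error), so an application that still returns -1 to omit an extension, or 0 to abort the handshake, compiles cleanly against the new typedefs and misbehaves only at handshake time. I would restate on these typedefs the new return semantics, the meaning and range of `ext_type`, `inlen`/`outlen` and `al`, and the ownership rule for the buffer the add callback returns through `out` — presumably it must stay valid until `custom_ext_free_cb` is called with that same pointer and `add_arg`, which is what the new callback's signature suggests but nothing in this header-only diff confirms, so check it against the implementation before writing it down. The same gap is in the second hunk, whose one-line comment replaces the description of what a NULL `add_cb` or `parse_cb` means for `SSL_CTX_set_custom_cli_ext` and `SSL_CTX_set_custom_srv_ext`; if NULL is still accepted for any of the five callback/argument slots, the prototypes should say so, and if `free_cb` may be NULL that should be stated too.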
@@ -1257,30 +1244,19 @@ const char *SSL_get_psk_identity(const SSL *s);
 #endif
 #ifndef OPENSSL_NO_TLSEXT
-/* Register callbacks to handle custom TLS Extensions as client or server.
- *
- * Returns nonzero on success. You cannot register twice for the same
- * extension number, and registering for an extension number already
- * handled by OpenSSL will fail.
- *
- * NULL can be registered for any callback function. For the client
- * functions, a NULL custom_ext_add_cb sends an empty ClientHello
- * Extension, and a NULL custom_ext_parse_cb ignores the ServerHello
- * response (if any).
- *
- * For the server functions, a NULL custom_ext_parse means the
- * ClientHello extension's data will be ignored, but the extension will still
- * be noted and custom_ext_add_cb will still be invoked. A NULL
- * custom_srv_ext_second_cb doesn't send a ServerHello extension.
- */
+/* Register callbacks to handle custom TLS Extensions for client or server. */
+
 int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned int ext_type,
-			       custom_ext_add_cb add_cb,
-			       custom_ext_parse_cb parse_cb, void *arg);
+			       custom_ext_add_cb add_cb,
+			       custom_ext_free_cb free_cb,
+			       void *add_arg,
+			       custom_ext_parse_cb parse_cb, void *parse_arg);
 int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned int ext_type,
-			       custom_ext_parse_cb parse_cb,
-			       custom_ext_add_cb add_cb, void *arg);
-
+			       custom_ext_add_cb add_cb,
+			       custom_ext_free_cb free_cb,
+			       void *add_arg,
+			       custom_ext_parse_cb parse_cb, void *parse_arg);
 #endif
 #define SSL_NOTHING 1